I teach at a fairly small Christian school and one of our newest teachers (teaches history and media [school TV show]) has helped improve our constantly down and problem prone Windows network. Until he started working on our network, the system used to go down regularly and STAY down for a while. It was really annoying. In any event, I was chatting with our media teacher and I shared with him how I run Linux on my laptop that I bring to school everyday. He said that he would like to setup a Linux box on the network as a firewall and web content filter (block specific sites and sites with inappropriate content). I told him that I would look into how to setup Slackware for this purpose. I have done a search on Linux Questions and on the net. The information I found was a tad sketchy. Have any of y'all setup a Slack box for this purpose? I need all of the guidance I could get.

You can use Squid for this, either from http://www.squid-cache.org/ or there may be a package on the CDs. It's a bit tedious parsing log files so you may want to use something like Calamaris (http://cord.de/tools/squid/calamaris/) to help with that.

If you find that setting up access control lists is a bit clunky, there are other tools like DansGuardian (http://dansguardian.org/) that work with Squid to provide content filtering.

That's a vague answer I've given you, but I'd recommend starting with Squid and building from there. Once you start having specific problems there are plenty of people here who can help.

SARG (http://sarg.sourceforge.net/) is also a nice reporting tool for Squid.

Ok, I will be given the PC to setup tomorrow. Having looked at Squid, their website recommends at least 512MB of RAM for the web caching. PROBLEM....the machine will only have 128MB. Now, do I REALLY need that much for a content filter?? I suppose I might be able to ask our tech teacher for more RAM if he has it in another machine that is just laying around.

Suppose I don't like Squid, could I just use DansGuardian only? It appears that DansGuardian allows for everything I am looking for; content filtering, URL filtering, etc.

Ok, last question. I was told that I need to setup the PC as a Firewall. How do I do that?

Thanks for helping out this newbie.

You will need a proxy server if you're running DansGuardian according to http://dansguardian.org/?page=requirements. As to whether Squid will run in less memory, there's some stuff on reducing memory usage at http://www.squid-cache.org/Doc/FAQ/FAQ-8.html#ss8.9. I'm not optimistic about running it with 128MB RAM though - there's a question/answer about why it uses so much at http://www.squid-cache.org/Doc/FAQ/FAQ-8.html#ss8.1.

Laslty, for firewalling under Linux, check out the iptables docs at http://www.netfilter.org/documentation/index.html. For FAQs, GUIs etc. have a look at http://www.linuxguruz.com/iptables/ and http://www.linuxquestions.org/linux/...n_iptables_GUI in no particular order.

Hope that helps...

Ok, is there any alternate, less memory demanding solution? I read somewhere that Apache can be used for a proxy.

Apache's proxy capabilities are for something else entirely. Squid is a decent hog, but considering the traffic it's handling...
Memory is really cheap these days; why not bump up the amount?

Well, here is the deal. There are about 10 computers in the library, 7 in our media teacher's room, about 7 or 8 for administrators and about 5-7 classroom computers. That's about 25 or so. In our other school building there may be about as many PCs. Now it is HIGHLY unlikely that all of these machines will surf the net at the same time. In fact I would say more than half of these machines stay static for most of the day.

I would just like to setup a slack box that can do some decent filtering. I will have to see if our media teacher can harvest some RAM from another machine. That should help.

Since you stated that the school was fairly small the machine does not need to be a beast... you will do fine with 128M. It isn't a desktop too?

Slackware runs as beefy or as lean as you want it to. Do an everything installation to simplify the process if you are not familiar/comfortable yet with Slack. You can always remove packages after the painless and promptless installation. When you feel more comfortable with Slackware the tag files are excellent.

Slackware defaults to run level 3 so X will not be running which will save you resources. If you want a graphical admin utility check out webmin and the simple theme.

You also stated that it needed to be a firewall. Others have suggested Dans Guardian.... I've tried it... tried a couple other gui tools. If you truly wish to understand it ya gotta use the shell. For help with rc.firewall for Slackware check out Slackware Tips & Tricks Jack S. Lai is very informative.

Here is a simple sample rc.firewall file:
#!/bin/bash
# Basic script to keep the server secured

# Flush the tables to apply changes
iptables -F

## Default policy to drop 'everything'
iptables -P INPUT DROP
iptables -P FORWARD DROP

## Allow established connections and programs that use loopback
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -s 127.0.0.0/8 -d 127.0.0.0/8 -i lo -j ACCEPT

## Allow offered service clients to connect to ethernet interface

# Secure Shell
#iptables -A INPUT -p tcp --dport 22 -i eth0 -j ACCEPT

# HTTPD & SSL
#iptables -A INPUT -p tcp --dport 80 -i eth0 -j ACCEPT
#iptables -A INPUT -p tcp --dport 443 -i eth0 -j ACCEPT

# Webmin
#iptables -A INPUT -p tcp --dport 10000 -i eth0 -j ACCEPT

#end script

---
Have Fun! ;-)

If you are just using Squid for filtering (and not caching), you should be alright.

Is there a way to "shut off" the caching and have it just do filtering?

Just a thought, but you might be better off with something like www.smoothwall.net. I believe it does do stateful packet inspection and filtering as well as firewalling.

slight

I'm sorry, I don't know offhand. I'm sure it's just an option in it's config file.

caching helps speed up the web surfing speed(if you know how to configure it correctly). Since your network is quite small and you are running on 128MB RAM only, just allocate a small amount of harddisk space for it.

i forgot something. It might be useful too if you choose to use reiserfs filesystem on the linux box. Reiserfs is good at processing small files..